From 9e483d62cac64c350afc0ba0369bbab3624e7783 Mon Sep 17 00:00:00 2001
From: Eugene Yokota
Date: Sun, 3 Aug 2025 23:00:08 -0400
Subject: [PATCH 1/2] Update jsch to 0.2.23

---
 project/Dependencies.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index 914217a48..03794241b 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -116,7 +116,7 @@ object Dependencies {
 val ivy = "org.scala-sbt.ivy" % "ivy" % "2.3.0-sbt-77cc781d727b367d3761f097d89f5a4762771d41"
 // lm dependencies
- val jsch = "com.github.mwiede" % "jsch" % "0.2.17" intransitive ()
+ val jsch = ("com.github.mwiede" % "jsch" % "0.2.23").intransitive()
 val gigahorseApacheHttp = "com.eed3si9n" %% "gigahorse-apache-http" % "0.9.3"
 // lm-coursier dependencies
From 20eb4740433f889bc7752f14904385560bbd7f21 Mon Sep 17 00:00:00 2001
From: Roberto Tyley
Date: Sun, 3 Aug 2025 23:06:19 -0400
Subject: [PATCH 2/2] Resolvers: clarify deprecation pointer to `sonatypeCentralSnapshots`

The current deprecation messages for `sonatypeRepo()` & `sonatypeOssRepos()` (added with https://github.com/sbt/librarymanagement/pull/517) say:
> use the following instead: resolvers += Resolver.sonatypeCentral**Snapshots**
...but following this advice can expose projects to using **snapshot** artifacts when they did not previously! This is unfortunate, as snapshots artifacts are inherently more risky, due to being mutable. For example, invocations of `sonatypeOssRepos()` like [this](https://github.com/guardian/frontend/blob/76234e013f550ac600fbf0bb924c19a1a6165295/project/plugins.sbt#L10):
```scala
resolvers ++= Resolver.sonatypeOssRepos("releases")
```
...should _not_ be replaced by `sonatypeCentralSnapshots()`, as, AFAIK, only non-snapshot releases would be in `sonatypeOssRepos("releases")`
---
 .../src/main/scala/sbt/librarymanagement/ResolverExtra.scala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lm-core/src/main/scala/sbt/librarymanagement/ResolverExtra.scala b/lm-core/src/main/scala/sbt/librarymanagement/ResolverExtra.scala
index 139d884ba..ede6e513e 100644
--- a/lm-core/src/main/scala/sbt/librarymanagement/ResolverExtra.scala
+++ b/lm-core/src/main/scala/sbt/librarymanagement/ResolverExtra.scala
@@ -143,7 +143,7 @@ private[librarymanagement] abstract class ResolverFunctions {
 )
 @deprecated(
- """Sonatype OSS Repository Hosting (OSSRH) will be sunset on 2025-06-30; use the following instead:
+ """Sonatype OSS Repository Hosting (OSSRH) was sunset on 2025-06-30; remove this resolver. If snapshots are required, use:
 resolvers += Resolver.sonatypeCentralSnapshots
 """,
 "1.7.0"
@@ -161,7 +161,7 @@ private[librarymanagement] abstract class ResolverFunctions {
 )
 @deprecated(
- """Sonatype OSS Repository Hosting (OSSRH) will be sunset on 2025-06-30; use the following instead:
+ """Sonatype OSS Repository Hosting (OSSRH) was sunset on 2025-06-30; remove this resolver. If snapshots are required, use:
 resolvers += Resolver.sonatypeCentralSnapshots""",
 "1.11.2"
 )
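Review bot: The reworded `@deprecated` message in the `@@ -143,7 +143,7 @@` hunk, and the identical one in the `@@ -161,7 +161,7 @@` hunk, tells users to remove the resolver but gives no reason for treating the snapshot resolver as opt-in, so someone reading only the compiler warning may still paste `resolvers += Resolver.sonatypeCentralSnapshots` by habit. The commit description names the reason, that snapshot artifacts are mutable, and the message could carry it, for example `remove this resolver. Snapshot artifacts are mutable, so only if snapshots are required, use:`. The two literals also appear to end differently (a line break before the closing `"""` in the first, none in the second), which looks unintended and could be aligned while the text is being touched. Both annotations close, and the definitions they annotate sit, outside the hunks, so which method each message belongs to is not visible here.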